On Wednesday, the well-known hacktivist group Syrian Electronic Army managed to get into MarkMonitor’s management portal. Once there, the group targeted Facebook: they used the management portal to alter Facebook’s WHOIS record, including Facebook’s registrant contacts, intending to hijack Facebook’s domain nameservers (as they had done earlier with both PayPal and eBay’s UK sites).

Here’s what should get people’s attention: these guys (maybe girls, too; let’s use “guys” as a unisex term) were in MarkMonitor’s management portal. For the rest of the evening, there was very little news about the incident, other than some limited reporting on the aborted attempt at hijacking Facebook’s domain. Facebook gets people’s attention.

So who is MarkMonitor? MarkMonitor does brand protection for pretty much everybody you’ve ever heard of. Sure, you trademark attorneys may just know them as that company that looks after trademarks on the internet, but they do more than that. They protect against things like fraud, spam, phishing, malware, and piracy. They monitor internet traffic to look for these sorts of things and collect data on the things they find. And, more importantly, through this activity, they hold the keys to how every brand that uses them is perceived — how every brand is trusted — by the rest of the world.

So MarkMonitor got popped, and they got popped deeply enough to give some random attackers full access to their management portal. Which means the attackers could have done anything they wanted to. They could have looked at, copied, or changed any data they wanted to. What they chose to do was make a lot of noise trying to hijack Facebook in a really obvious way, and MarkMonitor discovered the breach and kicked the attackers out.

So think about this for a minute: what if they’d been quieter? What if their attack had been much more subtle? And…how do we know that while they were annoying Facebook, they weren’t also doing something else?